
A MIME type can be spoofed because spoofing doesn't only apply to certifications (e.g. IP spoofing, caller ID spoofing[1], etc.). Spoofing merely means "tricking" or "lying" -- and this can introduce all kinds of complications. There are literally dozens of bugs (in all browsers, not just IE) that exist due to the fact that MIME types can often be misleading[2][3][4].

[1] https://en.wikipedia.org/wiki/Caller_ID_spoofing

[2] https://www.mozilla.org/en-US/security/advisories/mfsa2005-1...

[3] https://blog.mozilla.org/security/2016/08/26/mitigating-mime...

[4] https://bugzilla.mozilla.org/show_bug.cgi?id=1295945



But the thing is that there is no tricking or lying. There is simply a syntactically invalid entity. And idiotic software that does completely irresponsible things when confronted with such syntactically invalid entities, such as feeding syntactically invalid JPEG images to the javascript interpreter.

MIME types also cannot be misleading. MIME types are the authoritative declaration of what something is. If it's not that, then there is nothing misleading, it's simply invalid.

Framing this as "MIME spoofing" is about as sensible as calling a buffer overflow in some font renderer "machine code spoofing". If your font renderer under some circumstances takes pieces of the font description it is interpreting and feeds them to the CPU for execution, that is not "machine code spoofing", it's simply a buffer overflow vulnerability in your font renderer. And just as a font renderer shouldn't feed pieces of the font to the CPU for execution, a JPEG parser shouldn't feed pieces of the image to a javascript interpreter for execution.
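Whichever word one prefers for it, the failure both comments describe is the same: a body whose bytes do not match its declared MIME type, and a consumer that quietly reinterprets it as something else. The check below is an added example (not code from either commenter or from Mozilla) showing the defensive side: compare the declared type against the file's own magic bytes, refuse on mismatch, and serve untrusted bodies with `X-Content-Type-Options: nosniff` so a browser has no licence to re-guess. The signature table, the function names and the sample payloads are all constructed for this example.

```python
"""Added example: validate a declared Content-Type against a body's magic
bytes and build headers that forbid browser content sniffing.
Not from the HN thread or any browser project; all samples are constructed."""

from typing import Dict, Optional

# Constructed signature table: leading bytes -> MIME type they prove.
# Only binary formats with a fixed prefix are listed; text types cannot be
# proven this way and are reported as "unverified" rather than "ok".
MAGIC = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"%PDF-": "application/pdf",
    b"PK\x03\x04": "application/zip",
}


def sniff_magic(data: bytes) -> Optional[str]:
    """Return the MIME type proven by the leading bytes, or None if unknown."""
    for prefix, mime in MAGIC.items():
        if data.startswith(prefix):
            return mime
    return None


def base_type(content_type: str) -> str:
    """Strip parameters: 'image/jpeg; charset=x' -> 'image/jpeg'."""
    return content_type.split(";", 1)[0].strip().lower()


def check_declared_type(declared: str, data: bytes) -> str:
    """Compare the declared type with what the bytes actually are.

    'ok'         - declared type is a known binary type and its signature is present
    'mismatch'   - the bytes prove a different type, or the declared binary
                   type's signature is absent (the 'invalid JPEG' case)
    'unverified' - neither side is a known binary type; nothing can be proven
    """
    base = base_type(declared)
    actual = sniff_magic(data)
    if actual is not None:
        return "ok" if actual == base else "mismatch"
    if base in MAGIC.values():
        return "mismatch"
    return "unverified"


def headers_for_untrusted_body(declared: str, data: bytes, filename: str) -> Dict[str, str]:
    """Headers for serving a user-supplied body; raises on a proven mismatch.

    nosniff is always set so the browser must honour Content-Type as declared.
    Anything we could not verify is forced to download instead of being
    rendered inline, which keeps a mislabelled text body out of the HTML/JS
    parsers entirely.
    """
    verdict = check_declared_type(declared, data)
    if verdict == "mismatch":
        raise ValueError(f"body does not match declared type {declared!r}")
    headers = {
        "Content-Type": base_type(declared),
        "X-Content-Type-Options": "nosniff",
    }
    disposition = "inline" if verdict == "ok" else "attachment"
    headers["Content-Disposition"] = f'{disposition}; filename="{filename}"'
    return headers


if __name__ == "__main__":
    # Constructed samples: a real JPEG header and an HTML body labelled as JPEG.
    good_jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01"
    fake_jpeg = b"<html><body>this is not an image</body></html>"
    print(check_declared_type("image/jpeg", good_jpeg))   # ok
    print(check_declared_type("image/jpeg", fake_jpeg))   # mismatch
    print(headers_for_untrusted_body("image/jpeg", good_jpeg, "a.jpg"))
```

The two checks are deliberately independent: the magic-byte comparison rejects the clearly invalid entity at upload time, while `nosniff` plus an `attachment` disposition limits the damage for the types (plain text, CSV, unknown binaries) that no prefix can prove, since those are exactly the bodies a sniffing parser would otherwise be tempted to reinterpret.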
